10 matches found
CVE-2026-41326
A flaw was found in Kata Containers. An oversight in the CopyFile policy and perhaps the CopyFile handler allows untrusted hosts to write to arbitrary locations inside the guest workload image. This can be used to overwrite binaries inside the guest and exfiltrate data from containers; even those...
Kata Container has CopyFile Policy Subversion via Symlinks
Summary An oversight in the CopyFile policy and perhaps the CopyFile handler allows untrusted hosts to write to arbitrary locations inside the guest workload image. This can be used to overwrite binaries inside the guest and exfiltrate data from containers; even those running inside CVMs. Details...
GHSA-Q49M-57VM-C8CC Kata Container has CopyFile Policy Subversion via Symlinks
Summary An oversight in the CopyFile policy and perhaps the CopyFile handler allows untrusted hosts to write to arbitrary locations inside the guest workload image. This can be used to overwrite binaries inside the guest and exfiltrate data from containers; even those running inside CVMs. Details...
CVE-2026-41326
Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines VMs that perform like containers. From v3.4.0 to v3.28.0, an oversight in the CopyFile policy and perhaps the CopyFile handler allows untrusted hosts to write to arbitrary locations...
PT-2026-35062
Name of the Vulnerable Software and Affected Versions Kata Containers versions 3.4.0 through 3.28.0 Description An oversight in the CopyFile policy and potentially the CopyFile handler allows untrusted hosts to write to arbitrary locations within the guest workload image. This flaw can be exploit...
EUVD-2024-32188
Malicious code in bioql PyPI...
CVE-2024-3609
The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the reviewxremoveguestimage function in all versions up to, and including, 1.6.27. This makes it possible for authenticated...
qemu -- denial of service vulnerability in Q35 chipset emulation
Prasad J Pandit, Red Hat Product Security Team, reports: Qemu emulator built with the Q35 chipset based pc system emulator is vulnerable to a heap based buffer overflow. It occurs during VM guest migration, as more16 bytes data is moved into allocated 8 bytes memory area. A privileged guest user...
CentOS 5 : kvm (CESA-2010:0126)
Updated kvm packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. KVM Kernel-based Virtual Machine is a full virtualization solution for Linux on...
kmod, kvm security update
CentOS Errata and Security Advisory CESA-2010:0126 Updated kvm packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. KVM Kernel-based Virtual Machin...